Active Directory: User UPN or DN for NTLM name, using pure LDAP?
Posted by Bernd Haug on Stack Overflow
Published on 2010-03-30T08:18:53Z
Indexed on 2010/03/30 8:23 UTC
I have a Java app that can authenticate to LDAP by logging users into the AD LDAP server with the NTLM name (which they are used to - this is a requirement).
I now also need to do authorization, and hence need to find a forest-unique identifier for the user (DN or UPN should work), from which I can further query the directory.
The method needs to be absolutely portable, even if the AD is structured in an unusual fashion; otherwise I could just do a string replacement and search for a UPN of "${ntlm-user}@${ntlm-domain}.${configured-trailing-domain}".
How can I do this, using pure LDAP?
Currently, I'm using the java.naming.directory package, which I'd like to keep using, since it doesn't throw up problems when not binding with a DN but logging in with an NTLM name.
© Stack Overflow or respective owner